CVE-2020-36826: A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMess...

Description

A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.

Metrics

CVSS 3.1

3.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS Probability

0.43%

34.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

References

Timeline

Published: Mar 25, 2024
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2020-36826?

A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.

How severe is CVE-2020-36826?

CVE-2020-36826 has a CVSS score of 3.5/10 (LOW severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2020-36826?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.